📄 kmisc.c
字号:
)
{
TH32PROC **ppNext;
PTHREAD pTh;
DWORD loop;
LPBYTE pNextFree;
ppNext = &pSnap->pProc;
for (loop = 0; loop < MAX_PROCESSES; loop++) {
if (ProcArray[loop].dwVMBase && (!loop || ProcStarted(&ProcArray[loop]))) {
if (!(*ppNext = (TH32PROC *)THGrow(pSnap,sizeof(TH32PROC))))
return FALSE;
(*ppNext)->procentry.dwSize = sizeof(PROCESSENTRY32);
(*ppNext)->procentry.cntUsage = 1;
(*ppNext)->procentry.th32ProcessID = (DWORD)ProcArray[loop].hProc;
(*ppNext)->procentry.th32ModuleID = 0;
(*ppNext)->procentry.cntThreads = 0;
for (pTh = ProcArray[loop].pTh; pTh; pTh = pTh->pNextInProc)
(*ppNext)->procentry.cntThreads++;
(*ppNext)->procentry.th32ParentProcessID = 0;
(*ppNext)->procentry.pcPriClassBase = THREAD_PRIORITY_NORMAL;
(*ppNext)->procentry.dwFlags = ProcArray[loop].ZonePtr ? ProcArray[loop].ZonePtr->ulZoneMask : 0;
(*ppNext)->procentry.th32MemoryBase = ProcArray[loop].dwVMBase;
(*ppNext)->procentry.th32AccessKey = ProcArray[loop].aky;
kstrcpyW((*ppNext)->procentry.szExeFile,ProcArray[loop].lpszProcName);
if (loop && bGetHeap) {
pNextFree = pSnap->pNextFree;
__try {
if (!pGetHeapSnapshot (pSnap, 1, &(*ppNext)->pMainHeapEntry, ProcArray[loop].hProc)) {
(*ppNext)->procentry.th32DefaultHeapID = 0;
(*ppNext)->pMainHeapEntry = 0;
pSnap->pNextFree = pNextFree;
} else {
(*ppNext)->procentry.th32DefaultHeapID = (*ppNext)->pMainHeapEntry->heapentry.th32HeapID;
}
} __except (EXCEPTION_EXECUTE_HANDLER) {
(*ppNext)->procentry.th32DefaultHeapID = 0;
(*ppNext)->pMainHeapEntry = 0;
pSnap->pNextFree = pNextFree;
}
} else {
(*ppNext)->procentry.th32DefaultHeapID = 0;
(*ppNext)->pMainHeapEntry = 0;
}
ppNext = &(*ppNext)->pNext;
}
}
*ppNext = 0;
return TRUE;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
THGetMods(
THSNAP *pSnap,
DWORD dwProcID
)
{
TH32MOD **ppNext;
PMODULE pMod;
PPROCESS pProc;
DWORD loop;
ppNext = &pSnap->pMod;
if (dwProcID && !(pProc = HandleToProc((HANDLE)dwProcID)))
return FALSE;
for (pMod = pModList; pMod; pMod = pMod->pMod) {
if (dwProcID && !HasModRefProcPtr(pMod,pProc))
continue;
if (!(*ppNext = (TH32MOD *)THGrow(pSnap,sizeof(TH32MOD))))
return FALSE;
(*ppNext)->modentry.dwSize = sizeof(MODULEENTRY32);
(*ppNext)->modentry.th32ModuleID = (DWORD)pMod;
(*ppNext)->modentry.th32ProcessID = dwProcID;
(*ppNext)->modentry.GlblcntUsage = 0;
for (loop = 0; loop < MAX_PROCESSES; loop++)
(*ppNext)->modentry.GlblcntUsage += pMod->refcnt[loop];
(*ppNext)->modentry.ProccntUsage = dwProcID ? pMod->refcnt[pProc->procnum] : pMod->inuse;
(*ppNext)->modentry.modBaseAddr = (LPBYTE)ZeroPtr(pMod->BasePtr);
(*ppNext)->modentry.modBaseSize = pMod->e32.e32_vsize;
(*ppNext)->modentry.hModule = (HMODULE)pMod;
(*ppNext)->modentry.dwFlags = pMod->ZonePtr ? pMod->ZonePtr->ulZoneMask : 0;
kstrcpyW((*ppNext)->modentry.szModule,pMod->lpszModName);
(*ppNext)->modentry.szExePath[0] = 0;
ppNext = &(*ppNext)->pNext;
}
*ppNext = 0;
return TRUE;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
THGetThreads(
THSNAP *pSnap,
ACCESSKEY dwSavedCurThdAky
)
{
TH32THREAD **ppNext;
PTHREAD pTh;
DWORD loop, idxProc;
ppNext = &pSnap->pThread;
for (loop = 0; loop < MAX_PROCESSES; loop++) {
if (ProcArray[loop].dwVMBase && (!loop || ProcStarted(&ProcArray[loop]))) {
for (pTh = ProcArray[loop].pTh; pTh; pTh = pTh->pNextInProc) {
if (!(*ppNext = (TH32THREAD *)THGrow(pSnap,sizeof(TH32THREAD))))
return FALSE;
// test if the thread handle is valid
if (HandleToThread (pTh->hTh) == pTh) {
(*ppNext)->threadentry.dwSize = sizeof(THREADENTRY32);
(*ppNext)->threadentry.cntUsage = 1;
(*ppNext)->threadentry.th32ThreadID = (DWORD)pTh->hTh;
(*ppNext)->threadentry.th32OwnerProcessID = (DWORD)ProcArray[loop].hProc;
(*ppNext)->threadentry.tpBasePri = GET_BPRIO(pTh);
(*ppNext)->threadentry.tpDeltaPri = GET_BPRIO(pTh) - GET_CPRIO(pTh);
(*ppNext)->threadentry.dwFlags = GET_SLEEPING(pTh) ? 4 + (pTh->lpProxy != 0) + (pTh->bSuspendCnt != 0) * 2 : GET_RUNSTATE(pTh);
idxProc = ((DWORD) pTh->pProc - (DWORD) &ProcArray[0]) / sizeof (ProcArray[0]);
(*ppNext)->threadentry.th32CurrentProcessID = (idxProc < MAX_PROCESSES)? (DWORD)ProcArray[idxProc].hProc : 0;
(*ppNext)->threadentry.th32AccessKey = (pTh == pCurThread) ? dwSavedCurThdAky : pTh->aky;
ppNext = &(*ppNext)->pNext;
}
}
}
}
*ppNext = 0;
return TRUE;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
THGetHeaps(
THSNAP *pSnap,
DWORD dwProcID
)
{
LPBYTE pNextFree = pSnap->pNextFree;
if ((HANDLE)dwProcID == ProcArray[0].hProc)
pSnap->pHeap = 0;
else {
__try {
if (!pGetHeapSnapshot (pSnap, 0, &pSnap->pHeap, (HANDLE) dwProcID))
return FALSE;
} __except (EXCEPTION_EXECUTE_HANDLER) {
pSnap->pNextFree = pNextFree;
pSnap->pHeap = 0;
}
}
return TRUE;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
THSNAP *
SC_THCreateSnapshot(
DWORD dwFlags,
DWORD dwProcID
)
{
ACCESSKEY ulOldKey;
THSNAP *pSnap;
if (!dwProcID || (dwProcID == (DWORD)GetCurrentProcess()))
dwProcID = (DWORD)hCurProc;
else if (GetHandleType((HANDLE)dwProcID) != SH_CURPROC) {
SetLastError(ERROR_INVALID_PARAMETER);
return INVALID_HANDLE_VALUE;
}
if (!(pSnap = VirtualAlloc(0, THSNAP_RESERVE, MEM_RESERVE, PAGE_NOACCESS))) {
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return INVALID_HANDLE_VALUE;
}
pSnap = MapPtr(pSnap);
if (!VirtualAlloc(pSnap,PAGE_SIZE, MEM_COMMIT, PAGE_READWRITE)) {
VirtualFree(pSnap,0,MEM_RELEASE);
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return INVALID_HANDLE_VALUE;
}
pSnap->pNextFree = (LPBYTE)pSnap + sizeof(THSNAP);
pSnap->pHighCommit = (LPBYTE)pSnap + PAGE_SIZE;
pSnap->pHighReserve = (LPBYTE)pSnap + THSNAP_RESERVE;
SWITCHKEY(ulOldKey,0xffffffff);
EnterCriticalSection(&LLcs);
if (((dwFlags & TH32CS_SNAPPROCESS) && !THGetProcs(pSnap,(dwFlags & TH32CS_SNAPNOHEAPS ? 0 : 1))) ||
((dwFlags & TH32CS_SNAPMODULE) && !THGetMods(pSnap,(dwFlags & TH32CS_GETALLMODS) ? 0 : dwProcID)) ||
((dwFlags & TH32CS_SNAPTHREAD) && !THGetThreads(pSnap, ulOldKey)) ||
((dwFlags & TH32CS_SNAPHEAPLIST) && !THGetHeaps(pSnap,dwProcID))) {
VirtualFree(pSnap,THSNAP_RESERVE,MEM_DECOMMIT);
VirtualFree(pSnap,0,MEM_RELEASE);
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
pSnap = INVALID_HANDLE_VALUE;
}
LeaveCriticalSection(&LLcs);
SETCURKEY(ulOldKey);
return pSnap;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
DWORD
SC_GetProcessVersion(
DWORD dwProcessId
)
{
PPROCESS pprc;
PMODULE pMod = (PMODULE) dwProcessId;
e32_lite *eptr = NULL;
if (!dwProcessId) {
eptr = &pCurProc->e32;
} else if (pprc = HandleToProc((HANDLE)dwProcessId)) {
eptr = &pprc->e32;
} else if (IsValidModule (pMod)) {
eptr = &pMod->e32;
} else {
SetLastError(ERROR_INVALID_PARAMETER);
return 0;
}
return MAKELONG(eptr->e32_ceverminor, eptr->e32_cevermajor);
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
SC_SetStdioPathW(
DWORD id,
LPCWSTR pwszPath
)
{
LPName pName, pName2;
DWORD len;
if ((id >= 3) || (pwszPath && ((len = strlenW(pwszPath)) > MAX_PATH-1))) {
KSetLastError(pCurThread,ERROR_INVALID_PARAMETER);
return FALSE;
}
if (pwszPath) {
if (!(pName = AllocName(sizeof(WCHAR)*(len+1)))) {
KSetLastError(pCurThread,ERROR_OUTOFMEMORY);
return FALSE;
}
memcpy(pName->name,pwszPath,sizeof(WCHAR)*(len+1));
} else
pName = 0;
EnterCriticalSection(&NameCS);
pName2 = pCurProc->pStdNames[id];
pCurProc->pStdNames[id] = pName;
LeaveCriticalSection(&NameCS);
if (pName2)
FreeName(pName2);
return TRUE;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
SC_GetStdioPathW(
DWORD id,
PWSTR pwszBuf,
LPDWORD lpdwLen
)
{
DWORD len;
Name name;
if ((id >= 3)
|| !lpdwLen
|| ((KERN_TRUST_FULL != pCurProc->bTrustLevel) && !SC_MapPtrWithSize (pwszBuf, *lpdwLen, hCurProc))) {
KSetLastError(pCurThread,ERROR_INVALID_PARAMETER);
return FALSE;
}
LockPages(&name,sizeof(name),0,LOCKFLAG_WRITE);
EnterCriticalSection(&NameCS);
if (!(pCurProc->pStdNames[id]))
len = 0;
else {
len = strlenW(pCurProc->pStdNames[id]->name)+1;
memcpy(name.name,pCurProc->pStdNames[id]->name,sizeof(WCHAR)*len);
}
LeaveCriticalSection(&NameCS);
UnlockPages(&name,sizeof(name));
if (*lpdwLen < len) {
*lpdwLen = len;
KSetLastError(pCurThread,ERROR_INSUFFICIENT_BUFFER);
return FALSE;
}
*lpdwLen = len;
memcpy(pwszBuf,name.name,sizeof(WCHAR)*len);
return TRUE;
}
BOOL (*pQueryPerformanceCounter)(LARGE_INTEGER *lpPerformanceCount);
BOOL (*pQueryPerformanceFrequency)(LARGE_INTEGER *lpPerformanceFrequency);
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
SC_QueryPerformanceCounter(
LARGE_INTEGER *lpPerformanceCount
)
{
if ((KERN_TRUST_FULL != pCurProc->bTrustLevel)
&& !SC_MapPtrWithSize (lpPerformanceCount, sizeof (LARGE_INTEGER), hCurProc)) {
KSetLastError (pCurThread, ERROR_INVALID_PARAMETER);
return FALSE;
}
if (pQueryPerformanceCounter)
return pQueryPerformanceCounter(lpPerformanceCount);
lpPerformanceCount->HighPart = 0;
lpPerformanceCount->LowPart = GETCURRTICK ();
return TRUE;
}
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
BOOL
SC_QueryPerformanceFrequency(
LARGE_INTEGER *lpFrequency
)
{
if ((KERN_TRUST_FULL != pCurProc->bTrustLevel)
&& !SC_MapPtrWithSize (lpFrequency, sizeof (LARGE_INTEGER), hCurProc)) {
KSetLastError (pCurThread, ERROR_INVALID_PARAMETER);
return FALSE;
}
if (pQueryPerformanceFrequency)
return pQueryPerformanceFrequency(lpFrequency);
lpFrequency->HighPart = 0;
lpFrequency->LowPart = 1000;
return TRUE;
}
DWORD (*pReadRegistryFromOEM)(DWORD dwFlags, LPBYTE pBuf, DWORD len);
BOOL (*pWriteRegistryToOEM)(DWORD dwFlags, LPBYTE pBuf, DWORD len);
//------------------------------------------------------------------------------
//------------------------------------------------------------------------------
DWORD
SC_ReadRegistryFromOEM(
DWORD dwFlags,
LPBYTE pBuf,
DWORD len
)
{
TRUSTED_API (L"SC_ReadRegistryFromOEM", 0);
if (pReadRegistryFromOEM)
return pReadRegistryFromOEM(dwFlags, pBuf, len);
return 0;
}
//------------------------------------------------------------------------------
//----------------------------⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -